Encryption

License Availability

As the data security threat landscape continues to evolve, mounting concerns over data breaches and data theft are driving organizations to adopt advanced data protection practices that comply with regulatory standards such as PCI-SS (Payment Card Industry Security Standard), HIPAA and FIPS 140 in financial, healthcare and government industries, respectively.

Despite your best efforts to shield the network perimeter against malicious attacks using firewalls and VPNs, data stored on disk in cleartext remains exposed to additional threats. Particularly when disks leave your control. That’s more often than you think. For example:

Disks sent for repair

Returned under warranty

Lease expires

EOL (end of life)

Stolen

Discarded following a failure

Retired

Sold

Repurposed

The DataCore Difference

Encryption-at-rest from DataCore in conjunction with other security Best Current Practices (BCPs) protects against these vulnerabilities by scrambling the contents of virtual disks on the physical storage device. Consider someone at a maintenance depot trying to steal confidential information while they were repairing your disks drives.

Although they could read or copy the bits on the drive, without the encryption keys, they could not unscramble the encrypted virtual disks to draw any value from them. DataCore employs XTS-AES 256 bit algorithms known for their strong cryptographic deterrents against unauthorized use.

No Hardware, Database or Applications Changes Necessary

DataCore’s data at rest encryption provides enhanced security that is not dependent on the model or brand of storage equipment. It can be used with your existing or future devices for primary, secondary and cloud storage.

Data at rest encryption from DataCore eliminates the need for hardware upgrades or costly self-encrypted drives and does not require any recoding of applications or databases. Users and developers continue to access data as they have before while the system unencrypts the data prior to presenting it to applications and then encrypts it before it is stored on disk – all in the background.

Easy and Cost-Effective

Encryption, like synchronous mirroring and other DataCore advanced data protection functions, is available as an option anytime you create a new virtual disk on select editions of the product. You may enable encryption from the console menu, through REST APIs or via PowerShell Cmdlets.

You may also set encryption in the default virtual disk templates. Such simplicity and uniformity make organization-wide adherence to security policies that much easier.

Secure Key Management

The DataCore software automatically generates and securely stores cryptographic keys used to encrypt and unencrypt the data.

As with any encryption technology, the system administrators in charge of the DataCore software have the responsibility for saving a copy of the encrypted keys in a separate secure location. Should the storage device be separated from the originating DataCore node, a copy of the keys will be needed to unencrypt the drive’s contents.